SHA256: 70713bda45c4b4a1791dd5f7bc3dcb124469a9a3525d643fe7ba9493a23998c5
Name: LE YE V107 MAPUTO-BL.doc
Detections: 42 / 58
Analysis date: 2018-10-29 02:04:13 UTC (4 months, 4 weeks ago)
Antivirus Result Update
Ad-Aware Trojan.GenericKD.5033326 20181028
AhnLab-V3 W97M/Downloader 20181029
ALYac Trojan.GenericKD.5033326 20181029
Antiy-AVL Trojan[Downloader]/MSOffice.Agent.dec 20181028
Arcabit HEUR.VBA.Trojan.d 20181029
Avast VBA:Downloader-EVZ [Trj] 20181029
AVG VBA:Downloader-EVZ [Trj] 20181029
Avira (no cloud) W2000M/Agent.0038880 20181028
Baidu VBA.Trojan-Downloader.Agent.bku 20181026
BitDefender Trojan.GenericKD.5033326 20181029
CAT-QuickHeal W97M.Downloader.4956 20181028
ClamAV Doc.Dropper.Agent-6538434-0 20181028
Cyren W97M/Agent.gen 20181029
Emsisoft Trojan.GenericKD.5033326 (B) 20181029
Endgame malicious (high confidence) 20180730
ESET-NOD32 VBA/TrojanDownloader.Agent.DEC 20181028
F-Prot W97M/Agent.gen 20181028
F-Secure Trojan.GenericKD.5033326 20181028
Fortinet WM/Agent.2A22!tr 20181028
GData Trojan.GenericKD.5033326 20181028
Ikarus Trojan-Downloader.VBA.Agent 20181028
K7AntiVirus Trojan ( 00536d111 ) 20181028
K7GW Trojan ( 00536d111 ) 20181025
Kaspersky HEUR:Trojan.Script.Agent.gen 20181029
MAX malware (ai score=99) 20181029
McAfee RDN/Generic Downloader.x 20181028
McAfee-GW-Edition BehavesLike.Downloader.cg 20181028
Microsoft TrojanDownloader:O97M/Donoff 20181029
eScan Trojan.GenericKD.5033326 20181028
NANO-Antivirus Trojan.Ole2.Vbs-heuristic.druvzi 20181028
Qihoo-360 virus.office.qexvmc.1075 20181029
Rising Downloader.Donoff!8.36C (TOPIS:oyCP6B1M1j) 20181028
SentinelOne (Static ML) static engine - malicious 20181011
Sophos AV Troj/DocDl-IYK 20181029
Symantec Trojan.Gen.2 20181028
TACHYON Suspicious/W97M.Obfus.Gen.1 20181029
Tencent Heur:Trojan.Script.LS_Gencirc.7062922.0 20181029
TrendMicro W2KM_DLOADR.YSZ 20181028
TrendMicro-HouseCall W2KM_DLOADR.YSZ 20181029
ViRobot DOC.Z.Agent.121344.BE 20181028
ZoneAlarm by Check Point HEUR:Trojan.Script.Agent.gen 20181029
Zoner Probably W97Obfuscated 20181029
AegisLab 20181029
Alibaba 20180921
Avast-Mobile 20181028
Babable 20180918
Bkav 20181025
CMC 20181028
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181029
DrWeb 20181029
eGambit 20181029
Sophos ML 20180717
Jiangmin 20181028
Kingsoft 20181029
Malwarebytes 20181029
Palo Alto Networks (Known Signatures) 20181029
Panda 20181028
SUPERAntiSpyware 20181022
Symantec Mobile Insight 20181026
TheHacker 20181025
TotalDefense 20181028
Trustlook 20181029
VBA32 20181026
Webroot 20181029
Yandex 20181026
Zillya 20181028
The file being studied follows the Compound Document File format! More specifically, it is a MS Word Document file.
Commonly abused properties
The studied file makes use of macros. A macro is a series of commands and instructions that you group together as a single command to accomplish a task automatically. Macros are often abused to perform malicious tasks when working with a document.
May create OLE objects.
Seems to contain deobfuscation code.
Summary
last_author: Lupas Computers
creation_datetime: 2017-01-19 16:05:00
revision_number: 3
author: User
page_count: 1
last_saved: 2017-05-09 01:41:00
edit_time: 60
template: Normal.dotm
application_name: Microsoft Office Word
character_count: 1
code_page: Latin I
Document summary
line_count: 1
characters_with_spaces: 1
version: 786432
paragraph_count: 1
code_page: Latin I
OLE Streams
name: Root Entry, clsid: 00020906-0000-0000-c000-000000000046, type_literal: root, clsid_literal: MS Word, sid: 0, size: 1984
type_literal: stream, sid: 14, name: \x01CompObj, size: 121
type_literal: stream, sid: 5, name: \x05DocumentSummaryInformation, size: 4096
type_literal: stream, sid: 4, name: \x05SummaryInformation, size: 4096
type_literal: stream, sid: 2, name: 1Table, size: 6520
type_literal: stream, sid: 1, name: Data, size: 73958
type_literal: stream, sid: 13, name: Macros/PROJECT, size: 410
type_literal: stream, sid: 12, name: Macros/PROJECTwm, size: 65
type_literal: stream, sid: 9, type: macro (only attributes), name: Macros/VBA/Module1, size: 690
type_literal: stream, sid: 8, type: macro, name: Macros/VBA/ThisDocument, size: 16324
type_literal: stream, sid: 10, name: Macros/VBA/_VBA_PROJECT, size: 4827
type_literal: stream, sid: 11, name: Macros/VBA/dir, size: 573
type_literal: stream, sid: 3, name: WordDocument, size: 4096
Macros and VBA code streams
[+] ThisDocument.cls Macros/VBA/ThisDocument 7222 bytes
create-ole obfuscated
ExifTool file metadata
SharedDoc: No
Author: User
HyperlinksChanged: No
System: Windows
LinksUpToDate: No
LastModifiedBy: Lupas Computers
HeadingPairs: Title, 1
Identification: Word 8.0
Template: Normal.dotm
CharCountWithSpaces: 1
CreateDate: 2017:01:19 15:05:00
Word97: No
LanguageCode: English (US)
CompObjUserType: Microsoft Office Word 97-2003 Document
ModifyDate: 2017:05:09 00:41:00
Characters: 1
CodePage: Windows Latin 1 (Western European)
RevisionNumber: 3
MIMEType: application/msword
Words: 0
FileType: DOC
Lines: 1
AppVersion: 12.0
Security: None
Software: Microsoft Office Word
TotalEditTime: 1 minute
Pages: 1
ScaleCrop: No
CompObjUserTypeLen: 39
FileTypeExtension: doc
Paragraphs: 1
LastPrinted: 0000:00:00 00:00:00
DocFlags: Has picture, 1Table, ExtChar

Compressed bundles
File identification
MD5 6d071548627b5ddc42b9b6c991a5be1f
SHA1 c19141338d285eb290d1321bec747722028167ee
SHA256 70713bda45c4b4a1791dd5f7bc3dcb124469a9a3525d643fe7ba9493a23998c5
ssdeep
768:FnT0dyNWfQpg0dd4M4mBW4YfFagpLlrDQob8a56NhB+XDDQoWUdNIUtPr/2H6n0i:FT0Xfsdd4iPQJQlaNDDXjzOH60+yGTd

File size 118.5 KB (121344 bytes)
Type MS Word Document
Magic literal
CDF V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Author: User, Template: Normal.dotm, Last Saved By: Lupas Computers, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 01:00, Create Time/Date: Wed Jan 18 15:05:00 2017, Last Saved Time/Date: Mon May 08 00:41:00 2017, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0

TrID Microsoft Word document (80.0%)
Generic OLE2 / Multistream Compound File (20.0%)
Tags
obfuscated macros create-ole attachment doc

VirusTotal metadata
First submission 2017-05-09 07:30:47 UTC (1 year, 10 months ago)
Last submission 2018-05-16 00:10:03 UTC (10 months, 2 weeks ago)
File names LE YE V107 MAPUTO-BL.doc
__substg1.0_37010102